A MULTI-COMPUTER SYSTEM OF COMBINED ANTIVIRUS DECOYS AND TRAPS FOR DETECTING MALWARE AND COMPUTER ATTACKS BASED ON MULTI-AGENT TECHNOLOGIES
DOI: https://doi.org/10.31891/
Keywords: malicious software, computer attacks, baits, traps, multi-computer system
Abstract
This work takes a comprehensive approach to protecting computers by creating a network of baits that ensures effective detection of malicious traffic and analysis of new attacks. It introduces an innovative system of baits that monitor exclusively hostile traffic, which can significantly reduce the response time to potential threats and ensures a high level of attack detection on the network. A multi-agent bait system is implemented that combines a set of heterogeneous baits, each performing specific functions aimed at counteracting threats. Highly effective intelligent lures have been developed that have the properties of autonomous agents and exhibit adaptive behavior, enabling them to respond quickly and effectively to changes in the network environment. They can independently determine the features of attacks, adapt their behavior to threats and transmit relevant information to other components of the system, which significantly increases the efficiency of the entire bait network.
The system integrates the key characteristics of baits: reactivity, proactivity and social interaction. Reactivity is realized through the ability to analyze the environment, respond in a timely manner to changes in network traffic and adapt quickly to new attacks. Proactivity lets the baits not only respond to existing threats but also anticipate potential attacks by modeling intruder behavior and changing their operating algorithms accordingly. The social capabilities of the developed system allow the lures to interact, exchange information about potential threats, coordinate actions and form a single network protection strategy. The result is a flexible, adaptive and effective cybersecurity system that not only protects the network from attacks but also actively studies attackers' behavioral models.
A multi-computer system is deployed that includes baits and traps integrated at the corporate network nodes. This creates a scalable environment for comprehensive threat analysis and effective risk management. Thanks to the modular approach, both centralized and decentralized architectures of the multi-agent bait system have been implemented. In the centralized version, all collected data are transmitted to the central device of the network, where they undergo comprehensive analysis, including statistical and behavioral analysis. For this purpose, a data collection, processing and correlation system has been developed that gives a holistic picture of cyber threats in the network. Based on these data, a mechanism for training machine learning models is implemented; the models predict potential attack vectors and automatically adapt the security system to new threats.
A flexible bait management system is introduced that makes it easy to change operating parameters, adapt the behavior of individual network elements and respond promptly to new threats. The whole system operates in continuous self-learning mode, which allows it to improve its algorithms without administrator intervention. The result is a dynamic corporate network protection system capable not only of responding to threats in real time but also of proactively preventing potential attacks.
License
Copyright (c) 2025 АНТОНІНА КАШТАЛЬЯН (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.